Splunk Enterprise Security

Why am I unable to match the 1st Dropdown List going to 2nd DropDown list using XML coding?

atulod1
New Member

Hi

I would like to ask for help regarding how to match the first dropdown list to the 2nd dropdown list. Here the below is my XML coding.

Payment Requirements -Customed Dashboard

<input type="dropdown" token="tokServer" searchWhenChanged="True">
  <label>Organization Environment</label>
  <fieldForLabel>ServerEnvironment</fieldForLabel>
  <fieldForValue>ServerEnvironment</fieldForValue>
  <search>
    <query>
    | inputlookup server_mapping_list.csv | field ServerEnviroment | dedup ServerEnviroment 

    </query>
     <earliest>-24@h</earliest>
     <latest>now</latest>
     </search>
     <choice value="ServerEnv1"> ServerEnv1</choice>
     <choice value="ServerEnv2"> ServerEnv2</choice>
     <choice value="ServerEnv3"> ServerEnv3</choice>
     <choice value=" ServerEnv4"> ServerEnv4</choice>
     <choice value="ServerEnv5"> ServerEnv5</choice>
      </input>
<input type="dropdown" token="tokPCI" searchWhenChanged="True">
  <label>PCI Requirements</label>
  <fieldForLabel>PCIReq10</fieldForLabel>
  <fieldForValue>PCIReq10</fieldForValue>
  <search>
    <query>
     | inputlookup server_mapping_list.csv | sort  ServerEnviroment ="$tokServer$"
     | makemv delim="," PCIReq10| mvexpand PCIReq10 | table PCIReq10 
      </query>
      <earliest>-24@h</earliest>
    <latest>now</latest>
  </search>
</input>

Here is inputlookup that I created (server_mapping_list.csv)

PCIReq10                    ServerEnvironment
10.2.2                          ServerEnv2, ServerEnv5
10.2.2(SQ01)        ServerEnv3
10.2.2(SQ03)        ServerEnv3
10.2.3          ServerEnv1, ServerEnv4, ServerEnv5
10.2.4          ServerEnv1, ServerEnv3, ServerEnv4, ServerEnv5
10.2.5a         ServerEnv1, ServerEnv4, ServerEnv5
10.2.5b         ServerEnv5
10.2.5c         ServerEnv5

Here is the exact output will come up.
If I choose

ServerEnv1 on the first dropdown list   then 2nd dropdown list, the default will be is 10.2.3, 10.2.4 and 10.2.5a
ServerEnv2 on the first dropdown list then 2nd dropdown list, the default will be 10.2.2
ServerEnv3 on the first dropdown list then 2nd dropdown list, the default will be 10.2.2(SQ01), 10.2.2(SQ03)
ServerEnv4 on the first dropdown list then on the 2nd dropdown list, the default will be 10.2.2, 10.2.3, 10.2.4, and 10.2.5a
ServerEnv5 on the first dropdown list, then on the 2nd dropdown list, the default will be 10.2.2, 10.2.3, 10.2.4, 10.2.5a, 10.2.5b, 10.2.5c

Hoping you can correct my code. Thanks in advance

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...